mirror of https://github.com/OISF/suricata
				
				
				
			detect/template: move test to own file in src/tests/
							parent
							
								
									1bb8fcecec
								
							
						
					
					
						commit
						d3e5c15995
					
				| @ -0,0 +1,103 @@ | ||||
| /* Copyright (C) 2015-2018 Open Information Security Foundation
 | ||||
|  * | ||||
|  * You can copy, redistribute or modify this Program under the terms of | ||||
|  * the GNU General Public License version 2 as published by the Free | ||||
|  * Software Foundation. | ||||
|  * | ||||
|  * This program is distributed in the hope that it will be useful, | ||||
|  * but WITHOUT ANY WARRANTY; without even the implied warranty of | ||||
|  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the | ||||
|  * GNU General Public License for more details. | ||||
|  * | ||||
|  * You should have received a copy of the GNU General Public License | ||||
|  * version 2 along with this program; if not, write to the Free Software | ||||
|  * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA | ||||
|  * 02110-1301, USA. | ||||
|  */ | ||||
| 
 | ||||
| #include "../util-unittest.h" | ||||
| #include "../util-unittest-helper.h" | ||||
| #include "../app-layer-parser.h" | ||||
| #include "../detect-engine.h" | ||||
| #include "../detect-parse.h" | ||||
| #include "../flow-util.h" | ||||
| #include "../stream-tcp.h" | ||||
| 
 | ||||
| static int DetectTemplateBufferTest(void) | ||||
| { | ||||
|     AppLayerParserThreadCtx *alp_tctx = AppLayerParserThreadCtxAlloc(); | ||||
|     FAIL_IF_NULL(alp_tctx); | ||||
| 
 | ||||
|     Flow f; | ||||
|     Packet *p; | ||||
|     TcpSession tcp; | ||||
|     ThreadVars tv; | ||||
|     Signature *s; | ||||
| 
 | ||||
|     uint8_t request[] = "Hello World!"; | ||||
| 
 | ||||
|     /* Setup flow. */ | ||||
|     memset(&f, 0, sizeof(Flow)); | ||||
|     memset(&tcp, 0, sizeof(TcpSession)); | ||||
|     memset(&tv, 0, sizeof(ThreadVars)); | ||||
|     p = UTHBuildPacket(request, sizeof(request), IPPROTO_TCP); | ||||
|     FLOW_INITIALIZE(&f); | ||||
|     f.alproto = ALPROTO_TEMPLATE; | ||||
|     f.protoctx = (void *)&tcp; | ||||
|     f.proto = IPPROTO_TCP; | ||||
|     f.flags |= FLOW_IPV4; | ||||
|     p->flow = &f; | ||||
|     p->flags |= PKT_HAS_FLOW | PKT_STREAM_EST; | ||||
|     p->flowflags |= FLOW_PKT_TOSERVER | FLOW_PKT_ESTABLISHED; | ||||
|     StreamTcpInitConfig(TRUE); | ||||
| 
 | ||||
|     DetectEngineCtx *de_ctx = DetectEngineCtxInit(); | ||||
|     FAIL_IF_NULL(de_ctx); | ||||
| 
 | ||||
|     /* This rule should match. */ | ||||
|     s = DetectEngineAppendSig(de_ctx, | ||||
|         "alert tcp any any -> any any (" | ||||
|         "msg:\"TEMPLATE Test Rule\"; " | ||||
|         "template_buffer; content:\"World!\"; " | ||||
|         "sid:1; rev:1;)"); | ||||
|     FAIL_IF_NULL(s); | ||||
| 
 | ||||
|     /* This rule should not match. */ | ||||
|     s = DetectEngineAppendSig(de_ctx, | ||||
|         "alert tcp any any -> any any (" | ||||
|         "msg:\"TEMPLATE Test Rule\"; " | ||||
|         "template_buffer; content:\"W0rld!\"; " | ||||
|         "sid:2; rev:1;)"); | ||||
|     FAIL_IF_NULL(s); | ||||
| 
 | ||||
|     SigGroupBuild(de_ctx); | ||||
| 
 | ||||
|     DetectEngineThreadCtx *det_ctx = NULL; | ||||
|     DetectEngineThreadCtxInit(&tv, (void *)de_ctx, (void *)&det_ctx); | ||||
|     FAIL_IF_NULL(det_ctx); | ||||
| 
 | ||||
|     AppLayerParserParse(NULL, alp_tctx, &f, ALPROTO_TEMPLATE, | ||||
|                         STREAM_TOSERVER, request, sizeof(request)); | ||||
| 
 | ||||
|     /* Check that we have app-layer state. */ | ||||
|     FAIL_IF_NULL(f.alstate); | ||||
| 
 | ||||
|     SigMatchSignatures(&tv, de_ctx, det_ctx, p); | ||||
|     FAIL_IF(!PacketAlertCheck(p, 1)); | ||||
|     FAIL_IF(PacketAlertCheck(p, 2)); | ||||
| 
 | ||||
|     /* Cleanup. */ | ||||
|     AppLayerParserThreadCtxFree(alp_tctx); | ||||
|     DetectEngineThreadCtxDeinit(&tv, det_ctx); | ||||
|     DetectEngineCtxFree(de_ctx); | ||||
|     StreamTcpFreeConfig(TRUE); | ||||
|     FLOW_DESTROY(&f); | ||||
|     UTHFreePacket(p); | ||||
| 
 | ||||
|     PASS; | ||||
| } | ||||
| 
 | ||||
| static void DetectTemplateBufferRegisterTests(void) | ||||
| { | ||||
|     UtRegisterTest("DetectTemplateBufferTest", DetectTemplateBufferTest); | ||||
| } | ||||
					Loading…
					
					
				
		Reference in New Issue